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DETAILED ACTION 

1 . Claims 1-36 have been examined. 

Specification 

2. The abstract of the disclosure is objected to. Paragraph number [0047] should be deleted from 
the abstract. 

Claim Rejections -35 (JSC §101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-18 and 27-30 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claims 1-10 and 27-30 are directed to a program per se, which are not tangibly embodied on an 
appropriate computer-readable medium and therefore does not constitute statutory subject matter. 

Regarding claims 11-18, the application discloses a "process-readable medium can be, without 
limitation , an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, 
apparatus, device, or propagation medium " (page 9, paragraph [0025], lines 5-7). Thus, the claims do 
not constitute statutory subject matter. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 
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Claims 1-4, 7-12, 14, 16-19, 21, 25-28, 31-33 and 35 are rejected under 35 U.S.C. 102(b) as 
being anticipated by McManis (US Patent No.: 5,970,145). 

5. As per Claims 1 and 1 1 , McManis discloses, 

A method of metering execution of code, comprising: (column 1 , lines 8-9, "the present 
invention relates to systems and methods for restricting the use of executable modules"). 

- receiving a call requesting execution of a protected service within a first runtime area; 
(column 3, lines 20-24, "the main application A procedure (128-A) in the first program module furthermore 
includes a procedure call 134 to an executable procedure (e.g., the main application B procedure 128-B) 
in the second procedure module"). 

- requesting authorization to execute the protected service, wherein the authorization 
request is made from the protected service to a metering engine; (column 4, lines 1-4, "prior to 
making a procedure call to an executable procedure in program module B (step 220), procedure A makes 
a procedure call to the verifier to request verification of the authenticity of program module B (step 
202)"). 

- analyzing, with the metering engine, a contract in view of meter data to determine if the 
authorization request to use the protected service by an application should be allowed (column 4, 
lines 4-8, "the verifier then attempts to verify the authenticity of program module B and sends a return 
value to procedure A to indicate whether or not the verification of program module B was successful (step 
204)"). 

6. As per Claims 2. 3, 4 and 12 . McManis discloses, 

- wherein the analysis made within a second runtime area separate from the first runtime 
area (column 3, lines 28-32, "the procedure call 130-B to the program module verifier is logically 
positioned in the second program module immediately after the entry point to each executable 
procedure 128-B in the second program module so as to be executed prior to execution of each such 
procedure 128-B"). 

- wherein first and second runtime areas reside in different partitions of memory; and 
wherein the first runtime area is located at the first computing device and the second runtime area 
is located at a second computing device (see FIGURE 1 and column 3, lines 7-10, "the memory 106 
stores operating system 1 10, a program module or object authenticity verifier 112, and a set of application 
program object instances 114, 116, 118, 120, also called program modules or application program 
modules). Thus, includes computing device. 
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7. As per Claims 7, 8. 14 and 18 , McManis discloses, 

- wherein requesting permission comprises opening a secure connection between the 
protected service and a metering engine configured to perform the analysis (column 4, lines 9-16, 
"more specifically, the verifier, which is preferably a distinct trusted object (or alternately a trusted system 
service procedure) receives the request message from procedure A (step 206), and decodes (step 208) 
a digital signature embedded in program module B using a public key provided by the calling procedure 
(i.e., procedure A). The public key provided by calling procedure A to the verifier is the "group" public key 
126-A embedded in program module A"). 

8. As per Claims 9 and 16 . McManis discloses, 

- wherein the permission was given additionally comprising: executing the protected 
service; (column 5, lines 66-67, "if the verifier confirms verification of program module A (step 240), 
procedure B is executed to completion (step 250)"). 

- returning results of the execution to an application that initiated the call (column 6, lines 1- 
2, "and the result generated by executing procedure is returned to procedure A (step 252)"). 

9. As per Claims 10 and 17 , McManis discloses, 

- wherein the permission was not given, additionally comprising returning notice of failure 
to execute the protected service to an application that initiated the call (column 2, lines 41-47, "in 
the preferred embodiment, when the program module verifier fails to verify the authenticity of the 
second program module, the first program module throws an exception and aborts its execution"). 

10. As per Claims 19. 21 and 27 . McManis discloses, 

A code-executing device, comprising: an application configured to consume services from 
a library of protected services; (see FIGURE 1 as applied to rejection of claim 2 above). 

- a protected service, within the library of protected services, configured to receive a 
request from the application for execution ;(abstraci, lines 1-4, "a computer system has a program 
module verifier and at least first and second program modules. Each program module includes a digital 
signature and an executable procedure"). Thus, the Application Modules A, B, C, D, ... in FIGURE 1 are 
the library of services and any one of the modules could be a protected service as claimed. 

- and a metering engine, configured to return of an allowance code or a rejection code to 
the request based on rules governing operation of the protected service (see FIGURE 1 : 1 1 2 for 
Verifier; 130-A/B and 132-A/B for allowance or rejection). 
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1 1 . As per Claims 25 and 26 . McManis discloses, 

- additionally comprising a library of applications, within which the application is 
contained (see rejection of claim 19 above). 

12. As per Claim 28 . 

This claim recites limitations that are similar to claim 2. Therefore, see number 6 above, as 
applied to the rejection of claim 2 limitations. 

13. As per Claim 31 . McManis discloses, 

A code executing device for metering execution of code, the code-executing device 
comprising: means for calling a protected service from an application; (column 2, lines 16-18, "the 
second program module includes an executable procedure to be performed in response to the procedure 
call by the first program module to the second program module"). Includes inherent means for calling 
protected service. 

- means for calling a metering engine from the protected service; (column 4, lines 1-4, "prior 
to making a procedure call to an executable procedure in program module B (step 220), procedure A 
makes a procedure call to the verifier to request verification of the authenticity of program module B 
(step 202)"). Includes inherent means for calling metering engine from protected service. 

- and means for analyzing a contract to determine whether to allow or prohibit use of the 
protected service by the application (column 4, lines 4-8, "the verifier then attempts to verify the 
authenticity of program module B and sends a return value to procedure A to indicate whether or not the 
verification of program module B was successful (step 204)"). Includes inherent means for analyzing. 

14. As per Claims 32 and 33 , McManis discloses, 

- where allowance was determined to be appropriate: means, defined in the protective 
service, for executing functionality requested by the application; ((column 5, lines 66-67, "if the 
verifier confirms verification of program module A (step 240), procedure B is executed to completion (step 
250)"). Includes inherent means for executing. 

- means for returning results of the execution to the application; (column 6, lines 1-2, "and 
the result generated by executing procedure is returned to procedure A (step 252)"). Includes 
inherent means for returning results. 

- means for returning notice of rejection to the application (column 2, lines 41-47, "in the 
preferred embodiment, when the program module verifier fails to verify the authenticity of the second 
program module, the first program module throws an exception and aborts its execution"). Includes 
inherent means for returning notice of rejection. 
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15. As per Claim 35 . McManis discloses, 

The means for calling the metering engine comprises: means for opening a secure 
connection between the protected service and the metering engine; (this is means for the method 
recited in claim 7 and includes inherent means for opening secure connection). 

- and means for operating the protected service and the metering engine within distinct 
runtime areas (this is means for the method recited in claim 2 and includes inherent means for operation 
within distinct runtime areas). 

Claim Rejections - 35 USC § 103 

16. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 5-6,13, 15, 20, 22-24, 29-30, 34 and 36 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McMains and further in view of Choy (US Patent No: 6,141,754, cited by applicant). 

1 7. As per Claims 5. 6 and 13 . McManis discloses, 

- analyzing the request (column 3, lines 28-32). 

McManis does not explicitly disclose, 

- using a contract and meter data as inputs and updating the meter data to reflect the 
analysis 

However, in the same field of endeavor, Choy disclose the above limitation as, (column 6, lines 
12-17, "the protection specification 301 can be recorded as metadata in a database, having a link to the 
file. In this example the information can be stored in external operating system files, and managed by a 
database as if the information entity was directly stored in the database"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to incorporate the teachings of Choy into the methods of McManis, because one of ordinary 
skill in the art would want to provide consistent information protection (see Choy, column 3, lines 34-37). 
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18. As per Claim 15. 23 and 36 . McManis discloses, 

- wherein the metering of code execution is performed in a managed code environment 

(column 3, lines 7-10, "the memory 106 stores an operating system 110, a program module or object 
authenticity verifier 112, and a set of application program object instances 1 14, 1 16, 1 18, 120, also called 
program modules or application program modules). 

19. As per Claims 20 and 29 . McManis discloses, 

- wherein the metering engine comprises: an enforcement engine, configured for secure 
communication with the protected service (see rejection of claim 7 above). 

- a service contract, configured to supply the rules governing operation of the protected 
service to the enforcement engine; (see "verifier call instruction" in FIGURE 1 and column 2, lines 29- 
32, "more specifically, in a preferred embodiment, the program verifier module includes instructions for 
responding to a procedure call requesting verification of a specified program module"). 

McManis does not explicitly disclose, 

- and a secure store of metered data, configured to supply historical data reflecting past 
operation 

However, Choy disclose the above limitation as, (column 6, lines 32-39, "here, the protection 
specification is not limited to metadata in the same database row as the link to the protected file 
containing the information entity. Rather, the protection specification can be another file, another 
database row in the same or another database, or an object separates from the information entity. A 
relationship record relates the protection specification to the information entity to maintain referential 
integrity"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to incorporate the teachings of Choy into the methods of McManis, because one of ordinary 
skill in the art would want to protect information by controlling the distribution mechanism (see Choy 
column 4, lines 4-10). 

20. As per Claim 22 . McManis discloses, 

- wherein the code-executing device is a cellular phone (column 2 & 3, respective lines 66-67 
and 1-3, "referring to FIG. 1, there is a shown computer system 100. While the computer 100 may be a 
desktop computer, such as a Sun workstation, IBM compatible computer, or Macintosh computer, 
virtually any type of computer could be used"). 
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21 . As per Claim 24 , McManis discloses, 

- code-executing device 

McManis does not explicitly disclose, 

the first portion of the compound device is remotely located from the second portion of 
the compound device 

However, Choy disclose the above limitation as, (column 12, lines 36-39, "the applicable 
protection specifications and information model that are needed to clear an entity may come with the 
entity, or may be obtained locally or remotely"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to incorporate the teachings of Choy into the methods of McManis, because one of ordinary 
skill in the art would want to implement the operation in a distributed environment-across one or more 
computing domain. 

22. As per Claim 30 . McManis discloses, 

- return of the allowance code or the rejection code by: (column 4, lines 4-8). 

McManis does not explicitly disclose, 

- a service contract containing the rules governing operation the protected service; 

However, Choy disclose the above limitation as, (column 3, lines 54-60, "the protection 
specification includes information for controlling the use of the information entity, and can include at least 
one of access control information, intellectual property rights management information, and integrity and 
authenticity assurance information related to the information entity"). 

- a secure store of meter data; (see rejection of claim 20 above). 

- data from the secure store of meter data as input to the analysis; and updating the 
secure store of meter data to reflect the analysis (see rejection of claim 5) 

23. As per Claim 34 , McManis discloses, 

The means for analyzing the contract comprises: means for analyzing the contract using 
identity of the application, identity of the protected service, rules within the contract, and data 
from a secure store of meter data as input to the analysis; (column 4, lines 38-44, "an access 
checking unit code means for checking whether a user has a privilege to access the protected information 
entity based on the protection specification and the access control manager, and checking whether the 
requested access meets conditions determined based on the protection specification and enforced by the 
enhanced access control manager"). 
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- and means for updating the secure store of meter data to reflect the analysis (column 4, 
lines 33-36, "the program product includes a protection specification code means for storing the 
protection specification and includes an access control enforcement manager and an enhanced access 
control enforcement manager"). 

24. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-892) 

25. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Amare F. Tabor whose telephone number is (571) 270- 
3155. The examiner can normally be reached on Mon-Fri 7:30a.m. to 5:00p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Chameli Das can be reached on (571) 270-1392. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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